Group:
Simon Arndal, David Herreborg and Georgi Petrov
Content of 28/10 (Project ITS - IDS/IPS setup):
28/10-2010 status:
The network interface card was put in place in the pfSense machine. The rules have been downloaded for snort and the internal network is up and running. A scenario has been created.
Current scenario
To be able to present this project to a wider audience, from now on we are taking the role of a web design company named "Caps-WebDesign". The company has a database server and a web server sitting behind a firewall with IDS/IPS. There is an administrator monitoring the servers and the network, and there is a PC on the outside, which will do penetration testing. Presented below is the block diagram of "Caps-WebDesign" showing the current setup.
Timeline (PROGRESS)
Done so far:
- Hardware requirements fulfilled (except one missing NIC)
- Software required installed (open source programs used)
- pfSense installed (Router/firewall software)
- Apache and MySQL are up and running (Webserver and Database)
- phpMyAdmin installed and works (Graphical User Interface for the MySQL database)
- HSLAB HTTP Monitor Lite installed (Apache monitoring software)
- Set up HSLAB HTTP Monitor Lite
- Done research about snort + snort together with pfSense
- Presentation of work so far and basic idea. 27/10-2010 at 09:56
- Set up Weblog Expert Lite (software that replaces the HSLAB) and it is working.
- Network interface card has been inserted into the pfSense PC.
- Presentation of the progress and the setup of "Caps-WebDesign" 28/10-2010 at 12:23
- Find another solution for monitoring the Apache server traffic internally (Simon)
- Make the Apache and MySQL more reliable (Simon)
- Add a Network Interface Card to the pfSense machine (David)
- Install snort package for pfSense (Georgi)
What to do: (new tasks: output in green)
- Add rules to the snort IPS system (Common task)
- Decide on whether pfSense is the right system for us to use (Common task)
- Get snort to work properly and do penetration testing with Metasploit. (Common task)
Presentation(s):
Upcoming presentation: 2nd of November 2010